@inproceedings{212db1bab84b45739e684542dfb3e55c,
title = "Towards Secure Open Banking Architecture: An Evaluation with OWASP",
abstract = "The European Union passed the PSD2 regulation in 2015, which gives ownership of bank accounts to the private person owning it. As a result, the term Open Banking, allowing third party providers and developers access to bank APIs, has emerged, welcoming a myriad of innovative solutions for the financial sector. However, multiple cyber security issues arise from exposing bank data to third party providers through an API. In this work, we propose an architectural model that ensures clear separation of concern and easy integration with Nordea{\textquoteright}s Open Banking APIs (sandbox version), and a technological stack, consisting of the micro-framework Flask, the cloud application platform Heroku and persistent data storage layer (using Postgres). We analyze the web application{\textquoteright}s security threats, and determine whether or not the technological frame provides adequate security protection, by leveraging the OWASP Top 10 list of the Ten Most Critical Web Application Security Risks. Our results can support future developers and industries working on web applications for Open Banking towards security improvement by choosing the right frameworks and considering the most important vulnerabilities, as well as contributing to the documentation and development of Nordea{\textquoteright}s APIs.",
keywords = "Open Banking API, OWASP, PSD2 regulation, Secure architecture, Threat and risk, Web security",
author = "Deina Kellezi and Christian Boegelund and Weizhi Meng",
year = "2019",
month = jan,
day = "1",
doi = "10.1007/978-3-030-36938-5_11",
language = "English",
isbn = "9783030369378",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "185--198",
editor = "Liu, {Joseph K.} and Xinyi Huang",
booktitle = "Network and System Security",
note = "13th International Conference on Network and System Security, NSS 2019 ; Conference date: 15-12-2019 Through 18-12-2019",
}